Learn how to resolve the “Hyperthreading Unmitigated” problem in VMware ESXi. Our VMware Support team is here to help you with your questions and concerns.

“Hyperthreading Unmitigated” Warning in VMware ESXi

If you have come across the “VMware ESX problem hyperthreading unmitigated” warning, it has to be addressed immediately, as it signals a potential security vulnerability.

Let’s dive into what this means, why it happens, and how to fix it.

The “Hyperthreading Unmitigated” warning in VMware ESXi indicates that Hyper-Threading (HT) vulnerabilities — specifically linked to the L1 Terminal Fault (L1TF) vulnerability — have not been fully mitigated.

In other words, a malicious VM could potentially access sensitive information from other VMs running on the same physical core because hyperthreading shares cache memory.

Hyperthreading lets a single CPU core run multiple threads, but if not properly managed, it can create a security risk by allowing unauthorized access between VMs.

Symptoms of the Issue

We may notice the following notifications in vCenter Server, especially after applying the ESXi patches mentioned in VMSA-2018-0020 or later releases:

• XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX
• esx.problem.hyperthreading.unmitigated

These warnings indicate that the L1TF vulnerability mitigation is incomplete or not yet enabled on the ESXi host.

Why Does This Happen?

The issue often arises due to a mismatch between ESXi and vCenter versions. Here’s why:

• When ESXi is patched before vCenter — either manually or using vSphere Update Manager — the host sends a message about the L1TF vulnerability, but vCenter doesn’t recognize it yet, leading to the confusing “formatonhost not found” message.
• The L1TF mitigation is not enabled by default — it requires manual configuration and a host reboot.

In short, the patches address the vulnerability, but the necessary hyperthreading mitigation settings still need to be activated.

How to Fix “Hyperthreading Unmitigated” in VMware ESXi

1. Update vCenter Server

The first reliable fix is to update vCenter to the latest version:

• This translates the internal reference notification into human-readable messages.
• Ensures both vCenter and ESXi are in sync regarding security updates.

2. Enable Hyperthreading Mitigation

Even after updating, the mitigation is not automatic. Follow these steps to enable it:

1. First, log into the ESXi host.
2. Then, go to Host > Manage > Settings > Advanced System Settings.
3. Search for `UserVars.SuppressHyperthreadWarning`.
4. Now, change its value from `0` to `1` to suppress the warning once you’ve verified mitigations are in place.
5. Finally, reboot the ESXi host for changes to take effect.

Our Experts would like to point out that suppressing the warning does not fix the vulnerability — it only hides the alert. So, make sure mitigations are properly applied first.

3. Manually Configure L1TF Mitigation

If we cannot update vCenter immediately, we can still manually mitigate the L1TF vulnerability:

1. Ensure ESXi patches from VMSA-2018-0020 or newer are installed.
2. Verify BIOS updates from the hardware vendor are applied — these may include microcode fixes for CPU vulnerabilities.
3. Consider disabling Hyper-Threading in a high-security environment where performance trade-offs are acceptable.

4. Disable Hyperthreading

For high-security environments, disabling Hyper-Threading is the most foolproof way to mitigate L1TF risks:

1. Log into ESXi Host Client.
2. Then, go to Host > Manage > Settings > Advanced System Settings.
3. Find `VMkernel.Boot.HyperThreadingMitigation` and set it to `true`.
4. Finally, reboot the host.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

The “Hyperthreading Unmitigated” warning is more than just an annoying alert — it highlights a security risk requiring immediate attention.

In brief, our Support Experts demonstrated how to handle the “Hyperthreading Unmitigated” problem in VMware ESXi